[j-nsp] SecurID netscreen problem

sunnyday cscosunny at gmail.com
Tue Jul 22 02:12:01 EDT 2008


I don't use a tunnel interface; I just configured the VPN through the Autokey
Advanced ----> Gateway and Autokey IKE, and then a bidirectional policy from
Dial-Up VPN to any, Action=Tunnel.
And that's it. After that the user is configured locally. And that thing that
you said about Netscreen Remote: how can you do AUTH authentication?
I have only seen preshared key and preshared key with Xauth.

-----Original Message-----
From: Stefan Fouant [mailto:sfouant at gmail.com] 
Sent: Monday, July 21, 2008 8:03 PM
To: sunnyday
Cc: Juniper-Nsp; nn at compsoc.com
Subject: Re: [j-nsp] SecurID netscreen problem

The tunnel can be treated as a point-to-point IP unnumbered
interface for purposes of forwarding traffic, so normally there is no
need for IP address assignments on the tunnel itself.  IP addressing
is normally only used "inside" the tunnel if you wanted to ping the
remote end of the tunnel itself or perhaps layer another tunneling
technology on top of the underlying IPsec tunnel, thereby specifying
the local and remote tunnel IPs as the source and destination
addresses for the secondary tunnel.

If you can use Netscreen Remote Client as opposed to the ShrewSoft
client, you'll have more flexibility as the Netscreen Remote Client
will allow you to use AUTH authentication and therefore assign remote
settings.

On Mon, Jul 21, 2008 at 11:51 AM, sunnyday <cscosunny at gmail.com> wrote:
> Ok sorry
>
> Any client in mind that supports auth?
>> And how can I make the vpn work without ip address assigned to the
>> dialup user?
>> I have only managed to get it to work with an IP. I also used Netscreen
>> Remote as well, besides ShrewSoft.
>
> -----Original Message-----
> From: Stefan Fouant [mailto:sfouant at gmail.com]
> Sent: Monday, July 21, 2008 5:11 PM
> To: sunnyday; Juniper-Nsp; nn at compsoc.com
> Subject: Re: [j-nsp] SecurID netscreen problem
>
> If I recall correctly, you are using Xauth. As I mentioned in a
> previous post, ScreenOS does not support the assignment of remote
> settings such as IP addresses using Xauth. In most cases you do not
> need to assign an address to the tunnel in order to get the tunnel
> operational, but if this is a requirement for your network you'll need
> to switch from that ShrewSoft client to something else that supports
> AUTH authentication.
>
> HTHs.
>
>
>
> On 7/21/08, sunnyday <cscosunny at gmail.com> wrote:
>> I have set up a VPN to authenticate to an external SecurID server. The
>> authentication requests reach the server and authentication is successful,
>> as I can see through the logs of the SecurID server.
>>
>> But my problem is that the dialup VPN client is unable to get an IP
>> address.
>> How is it possible to give the VPN client an IP address?
>>
>> Thank you
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
> --
> Sent from Gmail for mobile | mobile.google.com
>
> Stefan Fouant
> Principal Network Engineer
> NeuStar, Inc. - http://www.neustar.biz
> GPG Key ID: 0xB5E3803D
>
>



-- 
Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
GPG Key ID: 0xB5E3803D


